
Numeric to Numeric Encryption of Databases Using 3kDES Algorithm

Date post:21-Apr-2015

2009 IEEE International Advance Computing Conference (IACC 2009) Patiala, India, 6-7 March 2009

Numeric To Numeric Encryption of Databases: Using 3Kdec Algorithm

Kamaljit Kaur 1, K.S Dhindsa 2, Ghanaya Singh 3

1 Pursuing M Tech (BBSBEC, Fatehgarh Sahib), 2 Asst. Professor, BBSBEC, Fatehgarh Sahib, 3 Release Manager, Miri InfoTech Chandigarh

Abstract: The volume of data storage capacity has changed a lot as compared with earlier times. As most computers were standalone and only the users had access to data, security was not a big concern. All this changed when computers became linked in networks, in form of small dedicated networks to large LANs, WANs and the World Wide Web. With the growth of networking the security of data became a big issue. Data passes through various networks, communication protocols, and devices to ultimately reach the user, which has made data security increasingly important. Security is becoming one of the most urgent challenges in database research and industry. Instead of building walls around servers, a protective layer of encryption should be provided around specific sensitive data-items. This also allows us to define which data stored in databases are sensitive and thereby focus the protection only on the sensitive data, which in turn minimizes the delays or burdens on the system that may occur from other bulk encryption methods.

This paper describes a highly original and new approach of securing numeric data of databases. It presents a practical solution to the problem where numeric data was converted to alphanumeric type and hence encrypted data was not possible to be stored in the existing numeric field. The proposed algorithm allows transparent record level encryption that does not change the data field type or fixed length.

Keywords: Encryption; Decryption; Symmetric Encryption; Block Cipher; Key Expansion; Substitution box; Row Shifting; AddKey.

I. INTRODUCTION

The best way of securing the data is to restrict access to the data, which can be achieved by the process of authentication and authorization. A user should be asked for authenticating information before accessing the data and should only be allowed to perform the operations for which access rights are available. If the data to be accessed is on a local machine, applying access control is easy, but if data is accessed from a remote client, user credentials and data need to be secured on the network. In such situations security protocols are used. In case a malicious user somehow breaches the above security provisions and gets access to data, the only solution is scrambling the data. So encrypting the data, whether it is in-motion or at-rest, is the next level of security that will make the data worthless for the hacker [10]. Encryption, the process of disguising data in such a way as to hide its substance, is a very effective way to achieve security for data at rest. Implementation of a database encryption strategy raises several important factors that must be taken into consideration, like: should the encryption be performed inside the database or in the application where the data is generated or in a hardware device? Should encryption keys be kept inside the database or somewhere else where it is more secure? Should the granularity of encrypting data be applied to a database, a table or a column level? [2]

In this paper we will focus on a security solution for protection of data at rest, specifically protection of numeric data that resides in the databases.

[Figure 1. Illustrating encryption of Plaintext (as numeric data) to Ciphertext (again numeric data)]

[Figure 2. Illustrating decryption of numeric data as Plaintext into numeric data as Ciphertext]

II. ABOUT 3KDEC ALGORITHM

The algorithm is named 3Kdec from its working, as it encrypts numeric data which is in form of decimal using three keys which can be changed anytime.

3Kdec is a Symmetric key Block encipherment algorithm.

Symmetric key algorithm is one which uses a single secret key for both encryption and decryption. Encryption/Decryption as visualized in Figure 1 and 2 above can be considered as an electronic locking where sender puts the message in a box and locks the box using the shared secret key; receiver unlocks the

978-1-4244-2928-8/09/$25.00 ( 2009 IEEE


Authorized licensed use limited to: K.S. Institute of Technology. Downloaded on July 18, 2009 at 02:27 from IEEE Xplore. Restrictions apply.

box with the same key and takes out the message. The original message is called plaintext and the message sent through the channel after encryption is called ciphertext. To create ciphertext from the plaintext, the sender uses an encryption algorithm and a shared secret key. To create plaintext from the ciphertext, the receiver uses a decryption algorithm and the same secret key. The key can be visualized as a set of values/numbers that the cipher as an algorithm operates on [1].

In symmetric key encipherment the encryption and decryption algorithms are inverses of each other. If P is the plaintext, C is the ciphertext, and K is the key, the encryption algorithm E_K(x) creates the ciphertext from the plaintext; the decryption algorithm D_K(x) creates the plaintext from the ciphertext. Encryption algorithm E_K(x) and the decryption algorithm D_K(x) are inverses of each other and they cancel the effect of each other when applied one after the other on the same input.

Encryption: C = E_K(P)
Decryption: P = D_K(C)
That is, P = D_K(C) = D_K(E_K(x)) = E_K(D_K(x)) = x

Block cipher means that a group of plaintext symbols of size m (where m > 1) are encrypted together, creating a group of ciphertext of the same size [5].

III. KEY COMPONENTS OF 3KDEC ALGORITHM

3Kdec algorithm uses:
* Numeric data to be encrypted.
* Three keys (stored as three 3 X 3 matrices)
* Substitution Box (commonly referred as S-Box) and an inverse S-box
* Variable number of Rounds (which can be 3, 6 or 9)

The algorithm operates on the following steps in sequence for the set number of rounds, as illustrated in Figure 3:

1. Key Expansion
2. Find and Substitute
3. Row Shift
4. Add Set Key

[Figure 3. Illustration of 3Kdec Algorithm Working]

A. KEY EXPANSION

In this step, each of the three keys is expanded into as many as three keys, summing up to a total of nine keys to be used in the maximum nine rounds. Key 1 is expanded as Key 10, Key 11 and Key 12, and similarly Key 20, Key 21, Key 22, Key 30, Key 31 and Key 32.

The complexity of key expansion depends directly on the number of rounds. In case of 3 rounds there will be an algorithm complexity of one, while in case of 6 rounds there will be a complexity of two, and similarly three in case of 9 rounds. The process of expansion of Key 1 into its constituent Key 10, Key 11 and Key 12 is as follows in Figure 4:

Key 10 is same as Key 11

Key 11 is obtained by shifting the row 1 elements zero times, row 2 elements one time and row 3 elements two times with respect to the original key Key 1. Key 12 is obtained by shifting the row 1 elements one time, row 2 elements two times and row 3 elements zero times with respect to the original key Key 1.

With variable number of rounds and varying key expansions the complexity of the algorithm increases.

[Figure 4. Key Expansion Process]
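The key expansion of section A as runnable Python; this is an added example, not code from the paper. It assumes rows are shifted to the left, that Key x0 is the original key unshifted, and that 3, 6 or 9 rounds use one, two or three expanded keys per key; the key digits are constructed. The last function checks that each expanded key holds the same digits per row as its parent, so expansion reorders key material rather than adding any.

```python
# Added illustration of the 3Kdec key expansion (not the authors' code).
# Assumptions: rows rotate to the LEFT, Key x0 is the unshifted key, and
# round keys are listed in the order Key 10, 11, 12, 20, ...

# Rotation count for (row 1, row 2, row 3) of each expanded key.
SHIFTS = {
    0: (0, 0, 0),  # Key x0: assumed identical to the original key
    1: (0, 1, 2),  # Key x1: row 1 zero, row 2 one, row 3 two shifts
    2: (1, 2, 0),  # Key x2: row 1 one, row 2 two, row 3 zero shifts
}

# Constructed sample keys, each a 3x3 matrix of decimal digits.
KEY1 = [[1, 2, 3], [4, 5, 6], [7, 8, 9]]
KEY2 = [[9, 8, 7], [6, 5, 4], [3, 2, 1]]
KEY3 = [[2, 4, 6], [8, 0, 1], [3, 5, 7]]

def rotate_left(row, n):
    """Rotate a row n positions to the left."""
    n %= len(row)
    return row[n:] + row[:n]

def expand_key(key, variants=3):
    """Return Key x0 .. Key x(variants-1) derived from one 3x3 key."""
    if len(key) != 3 or any(len(row) != 3 for row in key):
        raise ValueError("key must be a 3x3 matrix")
    if variants not in (1, 2, 3):
        raise ValueError("variants must be 1, 2 or 3")
    return [[rotate_left(list(row), s) for row, s in zip(key, SHIFTS[v])]
            for v in range(variants)]

def round_keys(keys, rounds):
    """Expand three keys into 3, 6 or 9 round keys (1, 2 or 3 per key)."""
    if rounds not in (3, 6, 9) or len(keys) != 3:
        raise ValueError("need three keys and 3, 6 or 9 rounds")
    return [rk for key in keys for rk in expand_key(key, rounds // 3)]

def rows_preserved(original, derived):
    """True if each derived row holds exactly the digits of the original row."""
    return all(sorted(a) == sorted(b) for a, b in zip(original, derived))

if __name__ == "__main__":
    for i, rk in enumerate(round_keys([KEY1, KEY2, KEY3], 9)):
        parent = (KEY1, KEY2, KEY3)[i // 3]
        print(f"Key {i // 3 + 1}{i % 3}: {rk} "
              f"rows preserved: {rows_preserved(parent, rk)}")
```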


B. FIND AND SUBSTITUTE

In this step, the byte to be encrypted is found and substituted independently to provide the confusion effect. There is no fixed mechanism or any mathematical correlation in the formation of the S-box. The entries of the S-box can be different in different encryption processes. So the simple structure and variable entries of the Substitution Box make the algorithm eligible to be used as a Personal Encryption Algorithm, where different S-Box variants can be used in the encryption process depending on the party we are dealing with, and the varying complexity levels can be set according to our needs.

Example: [figure: Substitution]

1. Initially the user will be prompted for the plaintext to be encrypted and the number of rounds of the encryption process that the user wants to carry out.

INPUT: 1234
NUMBER OF ROUNDS: 9
THREE SET OF KEYS where each key is 3X3 matrix

The initial step is to pad the input data with 0s, i.e. the input to be encrypted becomes: 000001234

Then the three are expanded using the Key expansion process as described above. Number of key expansions depends upon the user input of number of rounds. Now the three transformations, Find and Substitute, Row Shift and Add Set Key, are carried out on the input for the set number of rounds.
